Arrange access to GRNET OpenStack #5
Comments
|
please assign this one to @yan0s |
|
Also I think you will need to provide some configuration info @enolfc ? |
|
We have currently integrated EGI Check-In with our OpenStack. |
|
@yan0s you can register at https://perun.egi.eu/fed/registrar/?vo=hisea it should work with your existing Check-in identity. |
|
Hello @enolfc , I goτ the following error: |
I also experience the same error |
|
I had a similar issue. Please try clicking
If yes, then click submit. Then, according to https://operations-portal.egi.eu/vo/view/voname/hisea.c-scale.eu @sandragaytan should receive and approve your request to join the VO. I hope that helps. Best regards, |
|
Thanks @sebastian-luna-valero. That did it. Now I can see in Perun that I am a member of the VO. My test to make sure EGI Check-In is integrated with OpenStack was to create a group in EGI, become a member and then the entilement "urn:mace:egi.eu:group:registry:cloud.grnet.gr:role=member#aai.egi.eu" was granted to all members of the group. How can we get something similar with Perun? |
I also confirm that. I'm waiting now for the approval. Thanks @sebastian-luna-valero ! |
|
Hi @sebastian-luna-valero, according to the conversation you mentioned I should have the entitlement "urn:mace:egi.eu:group:hisea:members:role=member#aai.egi.eu". Trying to connect to our OpenStack service I can see that I do not have such an entitlement. |
|
In principle there shouldn't be any extra step for Check-in to get this info (if you are using the same user in Perun and Check-in). If this is not happening we need to get in touch with Check-in support to clarify. |
|
I have reported the issue to Check-in and will report back the answer. |
|
PERUN support confirmed that this issue is solved now. @yan0s could you please check whether you have the entitlement now? However, here is the error I get when I try to log into the GRNET's OpenStack service today: I think yesterday was working fine. |
|
@sebastian-luna-valero Can you please try again, there were some transient issues earlier today. |
|
That's working for me now, thank you very much! I guess we wait until others have joined the VO and confirmed access to the Horizon dashboard before closing the ticket? |
|
When I follow this link: https://perun.egi.eu/fed/registrar/?vo=hisea @yan0s can you share the link to your OpenStack Dashboard so we can try instantiate a VM? |
|
@backeb Please use https://ui.cloud.grnet.gr |
Thanks @soumplis I can access the OpenStack Dashboard. @sandragaytan could you follow the link and sign in using EGI SSO. If it works for you we can set up a test VM for @lorincmeszaros |
|
@backeb @lorincmeszaros @avgils test workflow to get access and feedback issues (if any) |
|
Hi @soumplis 👋 |
|
I guess you mean egi check-in not EGI SSO |
|
Yes, sorry I mean EGI Check-in (how is EGI Check-in different EGI SSO?)
After this step it takes me to https://aai.egi.eu and talks about "EGI AAI OpenID Connect Provider Proxy requires that the information below is transferred." After clicking "Yes" I get @enolfc @sebastian-luna-valero is there something going on with EGI Check-in? |
|
try incognito window, I think you have stale cache. |
|
Hello @backeb, to access the "C-SCALE-HiSea" project in our OpenStack you need to have the entitlement "urn:mace:egi.eu:group:group:hisea:role=member#aai.egi.eu" in your EGI account. You can verify you have this entitlement when logging in when you are on this page
If you don't have the entitlement you need to register to the hisea group in Perun. |
|
Hi, I am having the same issue. I also tried an incognito window. Please note that the VO info is hosted in Perun so I am wondering whether this is related: Is the Could @sustr4 please confirm? By the way @backeb here is https://aai.egi.eu/oidc/manage/user/profile how to get @yan0s info. Best regards, |
|
Hi @kkoumantaros and @yan0s I've tried also in an incognito window and still get the same error. I also have the entitlement |
|
It was a typo on my part, it should be fixed now. |
|
It's working now. Thank you very much @yan0s |
|
Thanks @yan0s, I can confirm it works for me now as well. |
|
please, tell me why and well justified do the entitlement now has a duplicate "group" since a week ago or so, because I can assure it didn't have before that date these changes in either the identity or atribute providers simply breaks things, i.e. authorization of the users, with no notification whatsoever to the resource providers |
|
@kkoumantaros this morning when I tried to access https://ui.cloud.grnet.gr/ using EGI SSO, I get an error: I guess something changed in the backend again with EGI Check-in can someone please fix this? |
|
I’m able to login
could you try a private window.
On 7 Sep 2021, at 9:52 AM, Bjorn Backeberg ***@***.******@***.***>> wrote:
@kkoumantaros<https://github.com/kkoumantaros> this morning when I tried to access https://ui.cloud.grnet.gr/ using EGI SSO, I get an error:
{"error":{"code":401,"message":"The request you have made requires authentication.","title":"Unauthorized"}}
I guess something changed in the backend again with EGI Check-in can someone please fix this?
cc @yan0s<https://github.com/yan0s> @sebastian-luna-valero<https://github.com/sebastian-luna-valero> @avgils<https://github.com/avgils>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#5 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AASE2ACXO563UJ6OR6AI5VDUAWZD5ANCNFSM47BARLKQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
Koumantaros Kostas, MSc
Head of Strategy and Proposals Unit
European Infrastructures and Projects Directorate
…-------------------------------------------------
GRNET - Greek Research and Technology Network
7, Kifisias Av., 115 23, Athens, Greece
t: +30 210 7474241
f: +30 210 7474490
Follow us: www.grnet.gr<http://www.grnet.gr>
Twitter: @grnet_gr | Facebook: @grnet.gr
LinkedIn: grnet | YouTube: GRNET EDET
-------------------------------------------------
|
|
Same problem here. I tried logging in with a clean session. Could this be related to the entitlement update? Before we had: Now we have i.e. Please have a look at the Check-in configuration change explained in tdviet/fedcloudclient#54 (comment) |
|
@kkoumantaros I get the same error with an incognito window. I agree it could be related to the issue above @sebastian-luna-valero describes. Had the same issue on INCD |
|
Hello @backeb , it seems that the entitlement that the users of "hisea" group get from EGI (or Perun) has changed |
|
Many thanks @yan0s It works for me now. |
|
Hi, After a recent change in Perun (see this ticket FYI) I no longer have access to:
Summary of the change for C-SCALE VOs
Sorry for the inconvenience! |
|
Summary of the change for C-SCALE VOs
*
https://operations-portal.egi.eu/vo/view/voname/aquamonitor.c-scale.eu
: from aquamonitor to aquamonitor.c-scale.eu
* https://operations-portal.egi.eu/vo/view/voname/hisea.c-scale.eu:
from hisea to hisea.c-scale.eu
Hi, sorry, I may have underestimated the need to advertise this change.
I only sought agreement from Bjorn at the WP leaders' meeting. Yes, the
Perun team asked for our agreement with renaming the VOs. Wherever the
former "short" names are written literally in configuration, they
should be updated.
Zdeněk
|
|
mapping updated at INCD, please check |
|
It works for me again at INCD. Thanks @mariojmdavid |
Hi @kkoumantaros
for this use case we need access to GRNET's cloud, and later probably HPC.
The VO is currently being enabled in PERUN, see #1.
Please advise what we, the users, should do on our side to get access to the GRNET OpenStack.
Thanks
Bjorn
cc @sandragaytan @avgils @nikosT @soumplis @sebastian-luna-valero @yan0s @ntellgrnet
The text was updated successfully, but these errors were encountered: